DETAILED ACTION
Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-60 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bellwood
in view of Stallings. 

In reference to claims 1, 14, 35, and 48, Bellwood discloses a system and method for 
participating in a secure communication between a client and a set of servers by establishing a 
first secure session between the client and the proxy and then a second session, using the second 
session the client requests the connection to the server (abstract). The method disclosed by
Bellwood comprises receiving a request from the client system for a secure connection between 
the client system and the proxy system (column 5 lines 30-31); establishing a secure connection 
between the client and proxy systems (column 5 lines 32-52); receiving a request from the client 
system for a secure end-to-end connection with the server system (column 6 lines 10-11); and 
forwarding the client system request for a secure end-to-end connection to the server system 
(column 6 lines 11-15). 

Although the server discloses decrypting, encrypting, and modifying the communications 
between the server and the client (column 6 lines 1-9 and lines 11-30) and the secure end-to-end
connection is encapsulated within the insecure client-proxy connection, i.e. tunneling (column 5 
lines 54-65), Bellwood does not expressly disclose downgrading the secure connection between 
the client system and the proxy system to be insecure after the secure end-to-end connection is
established. 

Downgrading the secure connection between the client and the system is using a less 
secure method of communication after having used a secure form. Stallings discloses a system
wherein the Key Distribution Center sends the communications to the Initiator in a secure form
by encrypting using the key Ka and then re-encrypting the IDb and Ks using Kb. The Initiator A
performs the decryption and sends the Responder B IDa and Ks in a downgraded less secure
communication encrypted using only Kb (page 144). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to downgrade the security between the two devices as is performed between the 
Initiator A and the Responder B as disclosed by Stallings in the proxy and client respectively of 
the system disclosed by Bellwood. One of ordinary skill in the art would have been motivated to 
do this because the client may then use the greater computational power of the proxy to
communicate with the server and thus reduce the price of producing the client devices. 

In reference to claim 27, Bellwood discloses a system and method for participating in a
secure communication between a client and a set of servers by establishing a first secure session 
between the client and the proxy and then a second session, using the second session the client 
requests the connection to the server (abstract). Bellwood discloses a system and method that
comprises negotiating a secure connection between the client and proxy systems; negotiating a 
secure end-to-end connection between the client and the server system using the secure client- 
proxy connection (column 5 lines 40-65); and altering the secure client-proxy connection so that 
it is no longer secure (column 7 line 64 and column 8 line 6). 

Although Bellwood discloses tunneling and therefore encapsulating the client-server
communication within client-proxy communication (column 5 lines 40-65), Bellwood does not
expressly disclose a secure end-to-end connection within the insecure client-proxy connection. 

Stallings discloses a system wherein the Key Distribution Center sends the
communications to the Initiator in a secure form by encrypting using the key Ka and then
re-encrypting the IDa and Ks using Kb. The Initiator A performs the decryption and sends the
Responder B IDa and Ks in a downgraded less secure communication encrypted using only Kb
(page 144). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to downgrade the security between the proxy and client of Bellwood as in the 
system disclosed by Stallings. One of ordinary skill in the art would have been motivated to do 
this because the client may then use the greater computational power of the proxy to communicate
with the server and thus reduce the price of producing the client devices. 

In reference to claims 2, 15, 28, 36, and 49, further comprising the acts of issuing an
authenticate challenge to the client system; and receiving, over the secure client-proxy connection,
proper authentication credentials from the client system (Fig. 4 session I and message 6). 

In reference to claims 3, 16, 37, and 49, wherein the authenticate challenge issued to the
client system is one of a basic and a digest authenticate challenge (column 5 lines 15-29). 

In reference to claims 4, 17, 30, and 39, wherein at least one of the secure client-proxy 
connection and the secure end-to-end connection is certificate based (Fig. 4). 

In reference to claims 5, 18, 31, 40, and 55, wherein at least one of the secure client-proxy
connection and the secure end-to-end connection is one of a secure sockets layer and a transport 
layer security connection (column 3 lines 50-67). 

In reference to claims 6, 19, 29, 38, and 57, further comprising the act of sending a 
certificate to the client system, wherein the certificate may be used to verify the identity of the 
proxy system (column 5 lines 40-52). 

In reference to claims 7, 20, 41, 52, and 54, further comprising the act of receiving 
proper authentication credentials from the client system, wherein the proper authentication 
credentials received from the client system are certificate based. 

In reference to claims 8, 21, 42, and 55, further comprising the act of transferring data
between the client system and the server system through the secure end-to-end connection 
(column 5 lines 58-65). 

In reference to claims 9, 22, 32, 43, and 56, wherein downgrading the secure connection 
between the client system and the proxy system to be insecure comprises the act of setting the 
cipher set for the connection to be a null cipher. Stallings discloses the messaging wherein the 
amount of encryption is downgraded which performs the function of the connection being a null
cipher (page 144). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to downgrade the security between the proxy and client of Bellwood as in the 
system disclosed by Stallings. One of ordinary skill in the art would have been motivated to do 
this because the client may then use the greater computational power of the proxy to communicate
with the server and thus reduce the price of producing the client devices. 

In reference to claims 10, 23, 33, 44, and 57, wherein the request for a secure end-to-end
connection comprises a hypertext transfer protocol connect request (column 6 lines 10-11).

In reference to claims 11, 24, 45, and 58, wherein the server system comprises one of a 
reverse proxy server system and a forward proxy system (Fig. 4). 

In reference to claims 12, 25, 46, and 59, wherein at least one connection is over the 
Internet (Fig. 2). 

In reference to claims 13, 26, 34, 47, and 60, wherein the server system comprises a 
cascaded proxy system, the server system allowing secure connections, insecure connections, or
both secure and insecure connections, with one or more other server systems (Fig. 4). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu, can be reached on (571) 272-3859. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

PWK 

Monday, November 15, 2004




SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



